+/*
+ * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * SecExternalRep.h - private classes representing external representations of
+ * SecKeychainItemRefs, used by SecImportExport.h
+ */
+
+#ifndef _SECURITY_SEC_EXTERNAL_REP_H_
+#define _SECURITY_SEC_EXTERNAL_REP_H_
+
+#include "SecImportExport.h"
+
+/*
+ * mechanism to limit private key import
+ */
+typedef enum {
+ PIS_NoLimit, // no limit
+ PIS_AllowOne, // allow import of at most one
+ PIS_NoMore // found one, no more allowed
+} ImpPrivKeyImportState;
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+/*
+ * When exporting, each instance of this represents one keychain item we're
+ * exporting. Note that SecIdentityRefs are represented by two of these - one
+ * for the cert, one for the key.
+ */
+class SecExportRep
+{
+protected:
+ SecExportRep(
+ CFTypeRef kcItemRef);
+
+public:
+ /* default constructor throws */
+ SecExportRep();
+
+ /*
+ * Gleans SecExternalItemType from incoming type, throws MacOSError if
+ * incoming type is bogus, and vends an instance of a suitable subclass.
+ * Vended object holds a reference to kcItem for its lifetime.
+ */
+ static SecExportRep *vend(
+ CFTypeRef kcItemRef);
+
+ virtual ~SecExportRep();
+
+ /*
+ * Append external representation to CFData.
+ * Implemented in subclass.
+ */
+ virtual OSStatus exportRep(
+ SecExternalFormat format,
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ CFMutableDataRef outData, // data appended here
+ const char **pemHeader); // e.g., "X509 CERTIFICATE"
+
+ /* member variables are read-only to the public */
+ SecKeychainItemRef kcItem() { return mKcItem; }
+ SecExternalItemType externType() { return mExternType; }
+ CFArrayRef pemParamLines() { return mPemParamLines; }
+
+protected:
+ SecKeychainItemRef mKcItem;
+ SecExternalItemType mExternType; // inferred in vend()
+ CFArrayRef mPemParamLines; // optional PEM header strings
+
+};
+
+/*
+ * Class representing one item we're importing from external representation.
+ * Normally represents the one "thing" the app has provided to
+ * SecKeychainItemImport(), but when importing in kSecFormatPEMSequence
+ * format, the inpus is parsed into separate components, each of which
+ * gets one instance of this class.
+ */
+class SecImportRep
+{
+private:
+ /* no default constructor */
+ SecImportRep() { }
+
+public:
+ /*
+ * Between constructor and the importRep() call, we're a placeholder to
+ * allow our owner to keep track of what is in an incoming pile of bits.
+ * We keep a reference to the incoming CFDataRef for our lifetime.
+ */
+ SecImportRep(
+ CFDataRef external,
+ SecExternalItemType externType, // may be unknown
+ SecExternalFormat externFormat, // may be unknown
+ CSSM_ALGORITHMS keyAlg, // may be unknown, CSSM_ALGID_NONE
+ CFArrayRef pemParamLines = NULL);
+
+ ~SecImportRep();
+
+ /*
+ * Convert to one or more SecKeychainItemRefs and/or import to keychain.
+ * Both mExternType and mExternFormat must be valid at this point.
+ * Any conversion requiring unwrapping rerquires either a keychain
+ * into which the unwrapped items will be imported) or a CSPDL handle (in
+ * which case the resulting items are floating and ephemeral).
+ * If we create a SecKeychainItemRefs, the only ref count held on
+ * return will be that held by outArray.
+ *
+ * Incoming CSP handle is required; by convention it must be derived from
+ * importKeychain if importKeychain is present.
+ */
+ OSStatus importRep(
+ SecKeychainRef importKeychain, // optional
+ CSSM_CSP_HANDLE cspHand, // required
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ ImpPrivKeyImportState &keyImportState, // IN/OUT
+ CFMutableArrayRef outArray); // optional, append here
+
+private:
+ /* implemented in SecWrappedKeys.cpp */
+ OSStatus importWrappedKeyOpenssl(
+ SecKeychainRef importKeychain, // optional
+ CSSM_CSP_HANDLE cspHand, // required
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ CFMutableArrayRef outArray); // optional, append here
+
+ /* optional inferred PrintName attribute */
+ char *mPrintName;
+
+public:
+ /* Just keep these public, it simplifies things */
+ CFDataRef mExternal;
+ SecExternalItemType mExternType;
+ SecExternalFormat mExternFormat;
+ CSSM_ALGORITHMS mKeyAlg;
+ CFArrayRef mPemParamLines; // optional PEM header strings
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+extern "C" {
+
+/* implemented in SecWrappedKeys.cpp */
+OSStatus impExpWrappedKeyOpenSslExport(
+ SecKeyRef secKey,
+ SecItemImportExportFlags flags,
+ const SecKeyImportExportParameters *keyParams, // optional
+ CFMutableDataRef outData, // output appended here
+ const char **pemHeader, // RETURNED
+ CFArrayRef *pemParamLines);// RETURNED
+
+}
+
+#endif /* _SECURITY_SEC_IMPORT_EXPORT_H_ */
projects / apple / security.git / blobdiff